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DETAILED ACTION 

This office action is responsive to amendment filed on 9/4/2007. 

Response to Amendment 
The examiner has acknowledged the amended claims 1, 9, 19 and 27. 

Response to Arguments 
Applicant's arguments, filed on 9/4/2007, have been fully considered but they are 
not persuasive. 

Applicants argument, see page 11, paragraph #5, with respect to the Rothrock 
license, is not persuasive. The Rothrock license contains a signature and a data 
structure that defines at least one security factor ID and an associated factor value. The 
system reads the data structure, sets a security factor value for a security factor, the 
security factor corresponding to the security factor ID, to the associated factor value 
from the data structure, allows access to the content, and performs security processing 
by the system at a level based at least in part on the security factor value (see 
Abstract). As such, the license contains sensitive security information for a resource 
requester, as is required by claims 1, 9, 19, and 27. 

Applicant's argument, see page 12, paragraph #2, with respect to the Rothrock 
agent, is not persuasive. The agent may decode and decrypt a buffer of encrypted 
digital content as part of the playing of the content by the player (see FIG. 6, block 134). 
As such, the agent does provide the access to the content. 

Applicant's argument, see page 12, paragraph #3, with respect to calculating a 
code-ID, is not persuasive. The security factor value is associated with the security 
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factor ID (claim 1 and FIG. 5) in the Rothrock reference. This is equivalent to 
associating a code-ID with an RR id in the instant application. The agent IVK performs 
signature and integrity verification of modules using SBDFS (FIG. 6) is the same as 
imparting trust to an RR particularly required by claims 9 and 27. 

In view of Applicant's argument (see page 12, paragraph #4), the examiner has 
pointed out where exactly the Rothrock reference reads on the limitations of the claims 
(see rejections below). 

Thus, in view of such, the rejection is sustained as follows: 

Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another 
filed in the United States before the invention by the applicant for patent or (2) a patent granted on an 
application for patent by another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 351 (a) shall have the effects 
for purposes of this subsection of an application filed in the United States only if the international application 
designated the United States and was published under Article 21(2) of such treaty in the English language. 

2. Claims 1-5, 9-15, 19-23 and 27-33 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Rothrock (US 7,174,320 B2, hereinafter Rothrock). 

Regarding claim 1 , Rothrock discloses a method of obtaining a resource from a 
resource provider (RP) for a resource requester (RR) operating on a computing device, 
the RP being a software or hardware construct providing the resource, the RR having 
an identity descriptor (id) associated therewith, the id including security-related 
information specifying an environment in which the RR operates, the method 
comprising: 
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loading the RR onto the computing device [col. 4, lines 4-10, loads the main 
application program. Note that the player application and the user are being considered 
as a resource requester/receiver.]; 

loading the id corresponding to the RR onto the computing device [col. 4, lines 
15-21, user's identity]; 

providing the RR with a reference to the loaded id [col. 6, lines 51-53, security 
factor ID]; 

calculating a code identity (code-ID) corresponding to and based on the loaded 
RR and loaded id [col. 6, lines 51-53, security factor value]; 

receiving a request from the RR for the resource [col. 2, lines 26-30, access the 
content implies sending/receiving a request]; 

ascertaining that the requesting RR has rights to the resource and is to be 
trusted with the resource [col. 8, lines 19-21, the agent performs signature verification 
on the content license and determines if the user has the rights to play the content.]; 

forwarding the request for the resource from the RR to the RP, the forwarded 
request including the calculated code-ID for the requesting RR, the id for the requesting 
RR, and a definition of the resource requested by the RR, the RP verifying that the 
calculated code-ID in the forwarded request matches one of one or more valid code-IDs 
for the identified RR, concluding based thereon that the RR can be trusted as being a 
known RR that can be presumed to be trustworthy, and also that the security-related 
information upon which the RR operates is known security-related information that can 
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be presumed to be trustworthy, and responding to the forwarded request by providing 
the requested resource [FIGs. 6, 7, and col. 7, line 64 - col. 8, line 48]; 

receiving, by the RR, the requested resource as provided by the RP, and 
employing same in a manner consistent with the trust imparted to the RR by the RP, 
and in accordance with the security-related information set forth in the id corresponding 
to the RR [FIG. 6, block 134, and col. 8, lines 45-49, the agent may decode and 
decrypt a buffer of encrypted digital content as part of the playing of the content by the 
player. As such, the player receives the content and may perform other operation on 
the content.]. 

FIGS. 6 and 7 show flow diagrams of the process according to Rothrock's 
invention. Rothrock discloses the method of securely obtaining a content access as 
described in the instant claims. The player application and the user are being 
considered as a resource requester/receiver. 

Regarding claim 2, Rothrock discloses the method of claim 1 comprising an 
.authenticator on the computing device ascertaining that the requesting RR has rights to 
the resource and is to be trusted with the resource wherein, the authenticator referring 
to the security-related information in the id corresponding to the RR [Claim 2, 
performing signature verification of the content license prior to determining if the user 
has rights to access the content]. 

Regarding claim 3, Rothrock discloses the method of claim 1 wherein the 
forwarded request further includes a digital signature based on at least one of the 
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calculated code-ID for the requesting RR, the id for the requesting RR, and the 
definition of the resource requested by the RR, the signature being verifiable based on a 
security key shared with the RP [FIG. 3 and column 5, lines 52-61, module identification 
information field identifies a program module. Signature comprises the digital signature 
of the contents of the SBDF (signed binary description file)]. 

Regarding claim 4, Rothrock discloses the method of claim 1 wherein the id 
includes therein a set of security-related name-value pairs available as input to at least 
one of the RR, the RP, and an operating system on the computing device upon which 
the RR operates [FIG. 5, adaptive security table including one or more entries. Each 
entry includes at least a security factor identifier (ID) and corresponding factor value.]. 

Regarding claim 5, Rothrock discloses the method of claim 4 wherein the name- 
value pairs describe at least one of the environment within which the RR operates, 
whether the RR is to be operated in an isolated process, and each entry point by which 
the RR can be accessed [FIG. 5 and column 6, lines 51-56, each security factor 
references a particular security defense or feature that may be provided by the security 
system operating on the user's machine]. 

Regarding claim 9, Rothrock discloses a method of providing a resource by a 
resource provider (RP) to a resource requester (RR) operating on a computing device, 
the RP being a software or hardware construct providing the resource, the RR having 
an identity descriptor (id) associated therewith, the id including security-related 
information specifying an environment in which the RR operates, the method 
comprising: 
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receiving a forwarded request from the RR for the resource, the forwarded 
request including a code identity (code-ID) calculated for the requesting RR, the 
calculated code-ID corresponding to and based on the RR and the id as loaded on the 
computing device, the forwarded request also including the id for the requesting RR and 
a definition of the resource requested by the RR [col. 7, lines 64-67, At block 102, the 
player passes SBDFs for the relevant modules (player, plug-in, and agent), the content 
license, and encrypted content to the agent.]; 

verifying the received request [col. 7, line 67 - col. 8, line 2]; 

obtaining the code-ID, the id, and the definition of the resource requested from 
the received request [col. 7, lines 64-67, At block 102, the player passes SBDFs for the 
relevant modules (player, plug-in, and agent), the content license, and encrypted 
content to the agent]; 

determining from the received request an identity of the requesting RR [col. 7, 
lines 64-67, security factor Ids are in the content license]; 

obtaining each of one or more valid code-IDs for the identified RR [col. 7, lines 
64-67, security factor values are in the content license]; 

verifying that the calculated code-ID in the received request matches one of one 
or more valid code-IDs for the identified RR and concluding based thereon that the RR 
can be trusted as being a known RR that can be presumed to be trustworthy, and also 
that the security-related information upon which the RR operates is known security- 
related information that can be presumed to be trustworthy [col. 7, line 64 - col. 8, line 
9]; 
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responding to the forwarded request by providing the requested resource to the 
RR, the RR receiving the requested resource as provided by the RP and employing 
same in a manner consistent with the trust imparted to the RR by the RP, and in 
accordance with the security-related information set forth in the id corresponding to the 
RR [FIGs. 6, 7, and col. 7, line 64 - col. 8, line 48]. 

Regarding claim 10, Rothrock discloses the method of claim 9 comprising 
receiving the forwarded request from an authenticator on the computing device 
ascertaining that the requesting RR has rights to the resource and is to be trusted with 
the resource wherein, the authenticator referring to the security-related information in 
the id corresponding to the RR [Claim 2, performing signature verification of the content 
license prior to determining if the user has rights to access the content]. 

Regarding claim 11, Rothrock discloses the method of claim 9 wherein the 
forwarded request further includes a digital signature based on at least one of the 
calculated code-ID for the requesting RR, the id for the requesting RR, and the 
definition of the resource requested by the RR, the method further comprising verifying 
the signature [FIG. 3 and column 5, lines 52-61, module identification information field 
identifies a program module. Signature comprises the digital signature of the contents of 
the SBDF (signed binary description file)]. 

Regarding claim 12, Rothrock discloses the method of claim 9 further comprising 
validating the forwarded request based on other information therein [col. 6, lines 37-50, 
digital signature]. 
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Regarding claim 13, Rothrock discloses the method of claim 9 further comprising 
determining that the requested resource is available and/or can be provided. It is well 
expected that the requested resource is available and/or can be provided before the 
resource provider does security checking on the resource requester. 

Regarding claim 14, Rothrock discloses the method of claim 9 wherein the id 
includes therein a set of security-related name-value pairs available as input to at least 
one of the RR, the RP, and an operating system on the computing device upon which 
the RR operates [FIG. 5, adaptive security table including one or more entries. Each 
entry includes at least a security factor identifier (ID) and corresponding factor value.]. 

Regarding claim 15, Rothrock discloses the method of claim 14 wherein the 
name-value pairs describe at least one of the environment within which the RR 
operates, whether the RR is to be operated in an isolated process, and each entry point 
by which the RR can be accessed [FIG. 5 and column 6, lines 51-56, each security 
factor references a particular security defense or feature that may be provided by the 
security system operating on the user's machine]. 

Claim 1 9 is of the same scope as claim 1 . It is rejected for the same reason as 
for claim 1. 

Claim 20 is of the same scope as claim 2. It is rejected for the same reason as 
for claim 2. 

Claim 21 is of the same scope as claim 3. It is rejected for the same reason as 
for claim 3. 



Application/Control Number: 10/692,224 
Art Unit: 2157 



Page 10 



Claim 22 is of the same scope as claim 4. It is rejected for the same reason as 
for claim 4. 

Claim 23 is of the same scope as claim 5. It is rejected for the same reason as 
for claim 5. 

Claim 27 is of the same scope as claim 9. It is rejected for the same reason as 
for claim 9. 

Claim 28 is of the same scope as claim 10. It is rejected for the same reason as 
for claim 10. 

Claim 29 is of the same scope as claim 11. It is rejected for the same reason as 
for claim 11. 

Claim 30 is of the same scope as claim 12. It is rejected for the same reason as 
for claim 12. 

Claim 31 is of the same scope as claim 13. It is rejected for the same reason as 
for claim 13. 

Claim 32 is of the same scope as claim 14. It is rejected for the same reason as 
for claim 14. 

Claim 33 is of the same scope as claim 15. It is rejected for the same reason as 
for claim 15. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made to 
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a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

4. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness or 
nonobviousness. 

5. Claims 6-8, 16-18, 24-26 and 34-36 rejected under 35 U.S.C. 103(a) as being 
unpatentable over Rothrock in view of Mourad et al (US 7,171,558 B1, hereinafter 
Mourad). 

Regarding claim 6, Rothrock discloses the method of claim 1 but doesn't disclose 
wherein the code-ID is calculated from a digest of the RR and the id. However, Mourad 
discloses a method of creating a code digest (column 6, lines 21-24). It would have 
been obvious to one of ordinary skill in the art to incorporate the teaching of Mourad into 
the method of Rothrock at the time of the invention to use a digest to achieve content 
protection and rights enforcement. 

Regarding claim 7, together Rothrock and Mourad disclose the method of claim 

6, Mourad further discloses wherein the code-ID is a hash of the RR concatenated with 
the id thereof [col. 6, lines 53-57]. 

Regarding claim 8, together Rothrock and Mourad disclose the method of claim 

7, Rothrock further discloses wherein the code-ID is a concatenation of two hashes, 



Application/Control Number: 10/692,224 Page 12 

Art Unit: 2157 

each hash being of the RR concatenated with the id thereof [col. 8, lines 15-22, the 
hash of one or more secure functions implies two or more hashes]. 

Claims 16, 24, and 34 are of the same scope as claim 6. They are rejected for 
the same reason as for claim 6. 

Claims 17, 25, and 35 are of the same scope as claim 7. They are rejected for 
the same reason as for claim 7. 

Claims 18, 26, and 36 are of the same scope as claim 8. They are rejected for 
the same reason as for claim 8. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

Wheeler et al. (US 6,851,054 B2) discloses an account-based digital signature 
(ABDS) system for authenticating entity access to controlled resource. 

Raley et al. (US 7,206,941 B2) discloses a method and apparatus for validating 
security components through a request for content. 

Examiner's Note: Examiner has cited particular columns and line numbers in 
the references applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings of the art and are 
applied to specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant in preparing 
responses, to fully consider the references in entirety as potentially teaching all or part 
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of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the Examiner. 

In the case of amending the claimed invention, Applicant is respectfully 
requested to indicate the portion(s) of the specification which dictate(s) the structure 
relied on for proper interpretation and also to verify and ascertain the metes and bounds 
of the claimed invention. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael C. Lai whose telephone number is (571) 270- 
3236. The examiner can normally be reached on M-F 8:30 - 5:00 EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on (571) 272-4001. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 





YVES DALENCOURT 
PRIMARY EXAMINER 

TECHNOLOGV CENTER 2100 



Application/Control Number: 10/692,224 Page 
Art Unit: 2157 



Michael C. Lai 
08NOV2007 



